Justice Department Says It Should Be Able To Require People To Decrypt Their Computers

from the legal-questions dept

Another big legal question is hitting the courts, as the Justice Department is asking a federal judge to require a woman to decrypt her encrypted laptop as part of a lawsuit against her for a mortgage scam. The government claims that forcing her to decrypt the laptop is no different from standard discovery procedures, such as requiring someone to open a safe. However, others, including the EFF, are arguing on Fifth Amendment grounds that individuals should not be compelled to decrypt such content, because doing so is a form of incriminating yourself if the content turns out to be useful in prosecution. As we've discussed in the past, some courts have found that people cannot be forced to turn over their encryption key on this very basis. However, this case is slightly different, in that the government is seeking to get around such earlier rulings by saying that it just wants to require her to type the password in herself to decrypt the laptop, rather than demanding the key itself. However, the EFF's brief (pdf) in the case suggests that this really isn't a huge difference, and that the decryption requirement alone would be a constitutional problem.

Reader Comments

Sadly they are already a few years behind, as in most cases technology has outstripped the court system. It is possible to hide encrypted volumes inside encrypted volumes that are supposedly undetectable.

Re:

They're not undetectable. It's actually not that hard for an expert to be able to tell there is another encrypted volume (although I think they must get into the first encrypted volume to do so). But the existence of a volume isn't immediately visible.

If this were to go through, a competent computer forensic guy (what the hell are they called?) could get into the first encrypted volume, discover the existence of the other encrypted volume and go back to force the user to provide access to it as well.

The reason for this is that encrypted volumes have very high entropy that is not generally found under other circumstances.

Re: Re:

"Yes, your honor, my encrypted file is actually two volumes with different keys, it takes no special skill to see that. Here's my encryption tool, complete with source code: whenever I encrypt something it offers me a chance to put a second message in the second volume, and if I decline it just encrypts some random junk with a random key which it doesn't retain. In this file the first volume is some vacation photos, and I didn't put anything in the second. Honest, cross my heart."

(There was a tool that did this years ago, I forget the name. It was briefly popular until someone discovered that the implementation was flawed and could be broken.)

Re: Re:

Well, I would think that if they are trying to force them to give up the password, they probably aren't going to pay an expert consulting fees in order to analyze the encryption. Also, I am not an expert on encryption by any means and you may be right, but the TrueCrypt documentation seems to argue that a hidden volume is undetectable (http://www.truecrypt.org/docs/). Maybe someone with a doctorate in computer forensics could pick up on that, but how many of those people are employed by law enforcement?

Re: Re:

> They're not undetectable. It's actually not that hard for an expert to be able to tell there is another encrypted volume (although I think they must get into the first encrypted volume to do so). But the existence of a volume isn't immediately visible.

You are talking about TrueCrypt - and it seems that you are reading from a second hand account of a research paper. The true situation is this:

If you create a hidden volume then there are ways to detect its presence because of telltale signs left in the "outer" volume by the operating system. However if you create a complete hidden operating system then there is no known way at present to detect its existence.

Your comment about entropy is wrong. TrueCrypt fills all the empty space on the drive with random (i.e. high entropy) data anyway - so there is no entropy difference between encrypted data and empty space.

Re: Re: Re: Re:

At the very least they can detect the presence of unpartitioned space. What should unpartitioned space look like? Is unpartitioned space generally composed of a bunch of random bytes in random order (which is what encrypted data attempts to mimic), or is unpartitioned space generally composed of patterned data?

Or maybe they can simply destroy any unpartitioned space by changing the bytes around.

Re: Re: Re: Re: Re:

(Ok, I'll spell it out, just in case it's not obvious from my previous post).

I would go out on a limb and say that unpartitioned space is generally patterned.

If you do a full format, what does the format software generally set the unused bytes to (depending on what you use to format the drive with and perhaps depending on the needs of the operating system)? Zero? One? Or it'll arrange the bytes in some sort of patterned structure.

If you do a quick format, what did you generally have before the format? An operating system? Some files? And what do these things consist of? Patterned data.

A chunk of hard disk being composed of unpatterned data can be suspicious.

Re: Re: Re: Re: Re: Re: Re:

But basically, if you want to hide encrypted data, you're better off hiding this unpatterned looking data within patterned data. Make it look like some of the unpredictable elements within patterned data. For instance, you can quick format an operating system. Though we expect the data to be patterned, we don't expect to be able to determine an expected state of each byte. There is some expected unpredictable variance, and encrypted data can hide within that.

For instance, you take a picture of the sky. The picture consists of multiple shades of blue. Do we expect the nine hundred and fifty-ninth pixel to be #00FFFF or should it be #00FFFE? Either value is just as expected.

Re: Re: Re: Re: Re: Re: Re: Re:

Re: Re: Re: Re: Re:

If the drive is new, unpartitioned space will probably be all zeros. That is why an important step before creating an encrypted volume is to fill the whole drive with random data. Most encryption tools do this automatically. This way, it will be hard to tell if encrypted data is present.
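To make the entropy argument running through this sub-thread concrete (zeroed space stands out, leftover file data stands out, and random pre-fill scores the same as ciphertext), here is an added Python example; it is not from the article or from any commenter, and it is not TrueCrypt's own code. It builds four constructed in-memory regions, scores each 4 KiB block with Shannon entropy and labels it. The block size, the classification thresholds, the sample invoice text, the seed and the SHA-256-based toy keystream are all assumptions made for this example, and nothing is read from a real drive.

```python
import hashlib
import math
import random
from collections import Counter

BLOCK = 4096  # scan granularity; an assumption for this example, not a page value


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(entropy: float) -> str:
    """Coarse forensic label. The thresholds are illustrative assumptions."""
    if entropy < 1.0:
        return "blank/zeroed"
    if entropy < 6.5:
        return "structured"
    return "random-or-encrypted"


def scan(image: bytes, block_size: int = BLOCK) -> list:
    """Score every block of an image as (offset, entropy, label)."""
    out = []
    for off in range(0, len(image), block_size):
        e = shannon_entropy(image[off:off + block_size])
        out.append((off, round(e, 2), classify(e)))
    return out


def toy_keystream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with a SHA-256 counter keystream.
    A toy used only to produce ciphertext-like bytes offline; not a real cipher."""
    out = bytearray()
    for i in range(0, len(plaintext), 32):
        ks = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(plaintext[i:i + 32], ks))
    return bytes(out)


def build_regions() -> dict:
    """Constructed sample regions, four blocks each (no real drive is read)."""
    rng = random.Random(2011)  # fixed seed so the run is repeatable
    size = BLOCK * 4
    # Constructed leftover file content, the kind a quick format leaves behind.
    plaintext = (b"INVOICE 2011-07 total=1200.00 customer=EXAMPLE\n" * 400)[:size]
    return {
        "new_drive": bytes(size),                                         # all zeros
        "quick_formatted": plaintext,                                     # old files
        "random_filled": bytes(rng.getrandbits(8) for _ in range(size)),  # pre-wiped
        "encrypted": toy_keystream_encrypt(b"constructed-key", plaintext),
    }


def region_labels() -> dict:
    """Majority block label per region, which is what the thread argues about."""
    labels = {}
    for name, data in build_regions().items():
        counts = Counter(lbl for _, _, lbl in scan(data))
        labels[name] = counts.most_common(1)[0][0]
    return labels


def mean_entropy(data: bytes) -> float:
    blocks = scan(data)
    return sum(e for _, e, _ in blocks) / len(blocks)


def indistinguishable(a: bytes, b: bytes) -> bool:
    """True when a plain entropy scan cannot separate the two regions
    (mean block entropy differs by less than 0.1 bit/byte)."""
    return abs(mean_entropy(a) - mean_entropy(b)) < 0.1


if __name__ == "__main__":
    regs = build_regions()
    for name, data in regs.items():
        print(f"{name:16s} first block -> {scan(data)[0]}")
    print("random fill vs ciphertext indistinguishable:",
          indistinguishable(regs["random_filled"], regs["encrypted"]))
```

Run as a script to print the first block's score for each region. The forensic takeaway matches the thread: a drive filled with random data before the encrypted volume was created gives an entropy scan nothing to single out, whereas a high-entropy island inside an otherwise zeroed or file-patterned drive is exactly the kind of anomaly an examiner flags for follow-up.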

I think the EFF's got this one right. Forcing someone to type their password into a computer to decrypt it is a testimonial act. That person will then face the cruel trilemma: self-incrimination, perjury, or contempt. The Fifth Amendment doesn't allow that.

Re: Re: oops

Re: oops

Unfortunately, they don't have to prove it. A judge just has to believe you didn't forget it and you can be held in contempt of court. I'm not sure what the maximum penalty for that is. Surely they can't just keep you in jail until either you give them the key or they decide you don't really know it.

Not sure I see ...

... why typing in your password to decrypt a drive or even to gain access to a PC is different than compelling someone to open a safe. In both cases you are unlocking a thing so the contents can be seen. The only difference is that in one case the contents are physical things and in the other they are digital. I presume that a search warrant is still required in either case and that should mean that the state has provided sufficient evidence to a court that there may be evidence pertinent to the legal proceeding in the locked thing.

Re: Not sure I see ...

I think it goes back to the same issues Mike raises about border crossings.

You choose what to stick in a safe. It has a very limited capacity. A PC, however, can have enough room to hold every digital file you're interested in, depending on how much you want to spend on storage space and form factor.

It's not so much that you're hiding something as there may be something in there you simply don't recall off the top of your head that they use against you in another way, much like a fishing expedition.

One must compare the penalties of not decrypting vs the penalties of what you will get in trouble for if you do decrypt the info.

For example, if the penalties for not decrypting the data is five years in jail and decrypting the data would reveal a murder, it would be in the best interest of the laptop owner not to hand over any decryption keys.

Perhaps the law should limit the maximum possible penalties to the penalties for not decrypting. Then again, that's just not how reality works. If police see evidence of a murder on the laptop, they will now be tipped off about the murder and now they know to dig elsewhere for information and pretend that the laptop didn't help them. It would be hard to prove otherwise.

Re:

> One must compare the penalties of not decrypting vs the penalties of what you will get in trouble for if you do decrypt the info.

> For example, if the penalties for not decrypting the data is five years in jail and decrypting the data would reveal a murder, it would be in the best interest of the laptop owner not to hand over any decryption keys.

There's one little snag in your plan: if a judge orders you to decrypt a computer and you refuse, you will be held in contempt of court. When this happens, the normal protections of the legal system don't apply and the judge will throw you in jail to rot until you do what he/she tells you. Judges have almost unlimited power to keep you in jail on a contempt charge and will do so until you comply.

Re: Re: Re: Re:

Unfortunately, the way the U.S. is heading ...

It has many of the symptoms of Russia. Big business bail outs, government is protective of big business in many other ways, the government getting away with all sorts of things (i.e. warrantless wiretapping, domain seizures just to protect big business) with no due process, etc...

Re: Re: Re:

Oops, I forgot the password.

So the court is supposed to believe that a person has suddenly forgotten the password to a computer that they were using on a daily basis? Or that the person kept a computer set up, even though they could no longer use it because of a forgotten password?

Re: Re: Re: Re:

Re: Re: Re:

> To prove contempt, the prosecutor or complainant must prove the four elements of contempt:

Yes and they shouldn't be able to prove the third element if you forgot the password. However, a court's version of prove isn't some airtight formal proof adhering to all rules of logic. It's more like convince, as in a debate where fallacies are quite useful in bringing people to your side.

Lost the key

If they had a safe as evidence and you lost the key or forgot the combination they would hire a locksmith and get the evidence.

If you forgot the password to your encrypted disk let them hire someone to crack the encryption.

No need to shred the 5th amendment.

The more they push this issue the more people will fight back with new technology. For example criminal hears his front door get knocked in, presses a certain keyboard combination causing his solid state encrypted hard drive, along with some fuel source, to catch fire and become ashes in a matter of seconds.

They should be happy enough that given enough time they might some day be able to decrypt some data.

But no, that's not good enough, they want to see technology advance so they are left with a pile of ashes to decrypt.

I could even see a company selling such a hard drive.
It would be encased in such a way that when activated it would not start a fire externally. It would be activated by not seeing the correct pass-phrase after some period of time or after X number of incorrect pass-phrase attempts. Maybe even activated if it detected being tampered with physically.

Companies and Governments would purchase these in bulk for laptops that contain sensitive data.
No more concerns over lost laptops!

Re: Re: Lost the key

Re: Lost the key

> For example criminal hears his front door get
> knocked in, presses a certain keyboard combination
> causing his solid state encrypted hard drive,
> along with some fuel source, to catch fire
> and become ashes in a matter of seconds.

We had a CP case years ago where we served the warrant on the guy, arrested him at his house and seized his computers. Took them back to our office for forensic examination and when we started them up, found every single disk and drive was completely blank.

Turns out he embedded extremely powerful magnets in the door frame and window frame of the room where he kept the computers and when the computers were taken out through the door, it wiped the drives.

Re: Re: Lost the key

It is not likely this would work with modern drives, certainly not for drives made since 2005 that use Perpendicular Magnetic Recording (PMR). A high magnetic field is necessary for erasure and a quick glance shows the cost for these degaussers ranges from $8k to $20k. Also, remember that close proximity is required as the field strength drops off quite rapidly. Even a few inches away means that a permanent magnet or an electromagnet will not be effective in degaussing.

The Post-It® note was Scotch-Taped® to the monitor!

Look, judge, the post-it was scotch-taped to the monitor when the cops took the computer... if the police can't find it now, then the password must be lost.

Really, when they start ordering you to give up what's in your mind, the only other reasonable answer is, "Fuck you."

And if you tell 'em "Fuck you" like they fully deserve, they'll probably throw you in jail. Under these circumstances, there's no moral duty to tell 'em the truth.
Give the soviet bastards your name, rank and serial number. Then try to stay alive, and escape back to freedom. Die, if you have to.

Re: here you go

If your password is a random string of gibberish, it'd be pretty easy to forget it if you weren't regularly typing it in. It'd be even easier to forget it if you had to memorize new random strings of gibberish (like the encryption password on your new computer).

I learned the hard way to NEVER encrypt the system drive. A hiccup in a defrag can instantly become an everything-lost-forever nightmare.
Personally, (assuming TrueCrypt) if I were really paranoid I'd be using a hidden volume container inside its outer volume, and I'd move that into a small virtual machine's hidden volume.
Lots of risky entropy, yes. But it's sure a lot faster to wipe a 20GB VM than an entire drive. And copies of the VM can be stored off-site in case the primary is wiped.

Re:

If you were really paranoid you would have designed a battery powered electromagnet into your computer case that is designed to engage when the power plug is removed without holding down three other hidden "buttons" like a screw, etc. and then for good measure have pads of thermite ignite above each of your hard drives.

I personally am not that paranoid/would never put anything incriminating on something the government could get their hands on.

Re: Re:

This makes me wonder what the laws are regarding booby trapping. Suppose you rig your computer in such a way that it explodes if carried outside of your house. Now suppose you aren't home when the police perform a search and take your stuff. How were you supposed to know?

Re:

> I learned the hard way to NEVER encrypt the system drive.

If you don't encrypt the system drive, then any data accessed on that system is not secure. It is technologically simple to get data out of various cache and temporary files, such as the Windows pagefile. Which is stored in your unencrypted system drive.

Heck, RAM isn't even completely secure after the system is off. Data (including your encryption key) can be pulled off it for minutes even after power is removed, depending on temperature. http://en.wikipedia.org/wiki/Cold_boot_attack

Encryption

I don't have anything that needs encryption, or encrypted erasure, but I have those programs anyway - because I can. If any old Tom, Dick, or Harry can demand the key, what good is having the program? If the government needs to decrypt something they must do what responsible governments have always done and crack the code! It's good for the brain!

Different violation

A requirement to type in the password is contrary to the 13th Amendment (not that any of them are respected in USA anymore).

The appropriate answer is, "All the data has been delivered, you have it right there". AFAIK there has never been a requirement for the discoveree to interpret data for the opposing party. If it were in a language they didn't understand, for example, it would be their own responsibility to find a translator.

Re: Different violation

Exactly. Suppose you were skilled enough to use a filesystem that you invented yourself. Since no one else understands it, they would have no way of knowing if there was data or not. The bottom line is though that your story has to be believable. If you are accused of something, just arguing that the other side can't prove anything isn't gonna cut it. The jury/court has to believe that you are telling the truth.

Re: Re: Re: Re: Encryption

Enforcement

If the court rules that encryption passwords are non-testimonial, what can they do if someone claims to have forgotten their password? The common remedy for such things (refusing to provide a voice-lineup, for example) is to jail the person for contempt until they comply. But such things have their limits. A few weeks to a month is typical. Anything approaching a year is very unusual.

However, it seems like if I know that what's on the computer will get me convicted and sent to prison, I'd certainly prefer 6 months to a year in the county jail for contempt over 10 years in the federal penitentiary for mortgage fraud or whatever.

about that laptop...

If the woman broke the law, and they want to look at her files, I think they would have to KNOW that information on there is detrimental to her, otherwise they wouldn't ask, and she wouldn't refuse... THAT SAID, if she is still in possession of the laptop (unlikely of course), she could always format the hard drive and NOBODY would be able to see what was on there. I think this is a test case for purposes other than prosecuting this woman; if they have THIS much on her, they don't need any info on her laptop, there are traces of her activities everywhere.

@ steve....good point, and I'll tell you why...

Steve, Jul 13th, 2011 @ 10:36am
> A requirement to type in the password is contrary to the 13th Amendment (not that any of them are respected in USA anymore).

> The appropriate answer is, "All the data has been delivered, you have it right there". AFAIK there has never been a requirement for the discoveree to interpret data for the opposing party. If it were in a language they didn't understand, for example, it would be their own responsibility to find a translator.

Years ago, after a false conviction and an appeal, I requested transcripts of the proceedings of my court case, and they came alright, but were in the "symbolized" shorthand of the court stenographer, and most people don't realize this, but they all have different styles, so only the person who wrote them would ever have a shot at decrypting them. So basically, when asked if I HAD been given a copy of the transcripts, I had to say yes, but they were unreadable; he said, that's not my fault, and eventually dismissed my case! The conviction stands!